Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022
Description
Post-authentication remote code execution via unsafe .NET object deserialization in DELMIA Apriso from Release 2017 through Release 2022.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An unsafe .NET object deserialization vulnerability exists in DELMIA Apriso, affecting all versions from Release 2017 through Release 2022 [1]. The flaw lies in the deserialization of user-controlled .NET objects, which can be exploited after authentication.
Exploitation
An authenticated attacker can craft a malicious .NET serialized object and send it to an affected DELMIA Apriso instance. The attacker must have valid credentials to access the application's deserialization endpoints. No user interaction is required beyond the attacker's own actions.
Impact
Successful exploitation allows the attacker to execute arbitrary code in the context of the DELMIA Apriso application, leading to full remote code execution post-authentication. This can result in complete compromise of the affected system.
Mitigation
As of the publication date (2023-04-21), no specific patch or workaround has been disclosed in the available reference [1]. Users are advised to monitor the vendor's advisory page for updates and apply the fix when released.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: >= Release 2017 <= Release 2022
- (no CPE) range: Apriso 2017 Golden
Patches
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.